Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
0
Helpful
2
Replies

PIX, Nessus and the ip_id field in IP packets

dsax
Level 1
Level 1

‎03-10-2003 11:25 AM - edited ‎02-20-2020 10:36 PM

When I scan the interface ip address of a PIX (version 6.2.2.111) with Nessus, I'm shown a Security Issue Warning refering to non-random ip id values in the ip_id field in IP packets. Some research indicates that this can be used for:

stealth os fingerprinting

anti-spoofing rule discovery

stealth scanning

Does the PIX use non-random ip id values?

Is this something that I should be concerned about?

If not what defense does the PIX have against these exploits.

Thanks in advance,

D.Sax

0 Helpful
2 Replies 2

shannong
Level 4
Level 4

‎03-10-2003 05:21 PM

These aren't exploits. Exploits are used to compromise a host. These are information discovery techniques.

0 Helpful

dsax
Level 1
Level 1
In response to shannong

‎03-11-2003 05:47 AM

My mistake, you're right, this is an information discovery technique not a vulnerability. I still have some questions though:

Does the PIX use non-random ip id values?

Should I be concerned about this?

How does the PIX respond to this type of reconnaissance technique?

Can I or do I have to configure the PIX to defend against being used for or subject to this type of discovery?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card